May 31, 2011 14:41 GMT  ·  By

Security researchers from RSA warn that cyber criminals are increasingly selling remote desktop access to infected computers by the unit based on several criteria.

Such services are being offered by the traditional CC shops that specialize in the selling of stolen credit card information.

"It is rather common that CC shop operators are also bot-herders (or people who have access to botnets), selling the stolen CC data collected by their Trojans.

"By adding the sale of RDP access to his shop, the seller grants fraudsters the choice to exploit PCs they would otherwise have no way of tampering with," the RSA researchers explain.

The selling of Remote Desktop Protocol (RDP) access credentials has been practiced before, but usually in an unorganized fashion and not in specific volume quantities.

The new services allows fraudsters to filter their purchases by geographic location (country, region, city), the bandwidth available to the computer (download and upload separately), the RDP user's level of access (admin or not), OS version and even hardware specs such as CPU and RAM.

One selection criterion that particularly stands out from the rest is whether any poker clients are installed on the compromised computers or not.

This suggests some possible uses for the RDP access. On one hand, users who have poker clients installed are more likely to access online payment services or input credit card information into web forms.

On the other hand, the access can also be used to take control over a poker client, start a game with another account controlled by the attacker, and transfer the money by losing it. Some poker clients even allow direct user to user transfers.

An RDP-controlled computer from a certain area can also be used to initiate fraudulent transfers or open accounts with local financial services without arousing suspicion. According to RSA, the offers for RDP access vary between $1 and $2 per computer.